Introduction To Ethical Hacking

What is Hacking?
Hacking is the art of finding solutions to real-life problems. The word "hack" is not directly related to computers.

Hacking and Computers
The concept of hacking entered the computer culture at MIT in the 1960s. There are two kinds of students:
1. Tools
2. Hackers

Tools
A tool is someone who attends class in the college regularly, is always to be found in the library when no class is meeting, and always tries to get the best grades in the examination. Sole goal: get placed in a high-paying company.

Hacker
A hacker is the opposite: someone who never goes to class, who in fact sleeps all day, and who spends the night pursuing entertaining activities rather than studying textbooks. What do they have to do with computers? In reality, nothing.

Hackers vs Tools
There are standards for success as a hacker, just as classes form a standard for achievement as a tool. Overall, hackers are more successful in life and they emerge as leaders in their field.

Computer hackers are developers. Hackers are those geeks and scientists who provide IT solutions to real-life problems. Hackers think beyond the boundaries.

Traits of any Hack
It must be clever. It must produce more good than bad, and it must not be malicious. It should be unexpected, or out of the ordinary. It need not pertain to computers.

Hack Ideas
1. A social networking site for plants.
2. Sending an SMS to a smartphone whenever a postman delivers a letter in the letter box.
3. Sending an SMS to near and dear ones whenever you reach your destination.

Hackers Development of Science Hackers

Misconception
What about those who break into systems? Are they hackers? The answer is no.

Who is Responsible for the Misconception
The media is the root cause of all this misconception, along with a lack of awareness among common students and people.

Crackers
Those who break into systems illegally are crackers. They are the bad guys or gals.

Hacker vs Cracker
Strengths of a hacker:
1. Lots of knowledge
2. Good guy
3. Strong ethics
4. Helps in catching cyber criminals

Qualities of a cracker:
1. Lots of knowledge
2. Bad ethics
3. Cyber criminals

Skills of a Hacker
1. Learn programming languages (C, C++)
2. Learn scripting languages (JSP, Python, PHP, Perl)
3. Good knowledge of databases and query languages (SQL, FQL, etc.)
4. Learn networking (TCP/IP)
5. Learn to work in Unix
6. Start playing with web APIs
7. Learn assembly programming

Important Subjects
C and M-I
Data Structures and M-II
DLD, Java & Web Technology and M-III (Probability)
CSA, OS, DBMS
Microprocessors, Data Communications
Computer Networking
Cryptography & Network Security
Wireless Communication

Getting Started to Learn Hacking
1. TCP/IP
2. IP Address
3. MAC Address
4. Ports
5. Web Architecture
6. LAN Architecture
7. DOS Commands

Web Architecture
The Internet is a universal, publicly shared network of interconnected computer networks that transmit data using the standard Internet Protocol (IP). The terms World Wide Web (WWW) and Internet are not the same.

Internet, Web, World Wide Web
The Internet is a collection of interconnected computer networks, linked by copper wires, fiber-optic cables, wireless connections, etc. The Web is a collection of interconnected documents and other resources, linked by hyperlinks and URLs. The World Wide Web is one of the services accessible via the Internet, along with various others including e-mail, file sharing, online gaming, etc.

TCP/IP
TCP/IP is the protocol for communication between computers on the Internet. TCP stands for Transmission Control Protocol. IP stands for Internet Protocol. TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and how data should be transmitted between them.

Inside the TCP/IP standard there are several protocols for handling data communication:
1. TCP
2. IP
3. ICMP
4. DHCP (Dynamic Host Configuration Protocol) for dynamic addressing

TCP is responsible for breaking data down into IP packets before they are sent, and for reassembling the packets when they arrive. IP is responsible for sending the packets to the correct destination.

IP Routers: The IP router is responsible for "routing" the packet to the right destination, directly or via another router.

IP Address
1. Every system connected to a network has a unique Internet Protocol (IP) address which acts as its identity on that network.
2. An IP address is a 32-bit address which is divided into four fields of 8 bits each, for example 203.94.35.12.
3. TCP/IP uses four numbers to address a computer. The numbers are always between 0 and 255.

DNS Servers
Names used for TCP/IP addresses are called domain names. When you address a website, e.g. www.coolbond.com, the name is translated to its corresponding IP address by a DNS server. DNS servers contain the list of all registered domain names and their corresponding IP addresses.

MAC Address
A Media Access Control (MAC) address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a Local Area Network. MAC addresses are 12-digit hexadecimal numbers (48 bits in length), written as:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS
The first half of a MAC address contains the ID number of the adapter manufacturer. The second half of a MAC address is the serial number assigned to the adapter by the manufacturer.

Commands
To find the IP address: ipconfig
To find the MAC address: ipconfig /all

Ports
1. Hardware ports
2. Software ports
There are 65536 software ports in an operating system.

Sockets
The pair of an IP address and a port number, separated by a colon, is called a socket. For example, 203.113.57.55:8080 is a socket.

Classification of IP Addresses
1. Public IP address
2. Private IP address
Finding public and private IP addresses:
1. Static IP address
2. Dynamic IP address

Network Address Translation (NAT)
The current implementation of IP addressing provides users with a very limited number of IP addresses. To solve this shortage problem, a number of organizations have started implementing Network Address Translation addressing, which allows them to use a single public IP address for a large number of internal systems having unique private IP addresses. If an external system communicates with two different internal systems in a NAT network, it will be impossible for it to differentiate between the two systems.

Working of NAT
Typically a NAT network consists of a large number of internal systems that are connected to the Internet through a routing device known as a NAT box. This NAT box acts as the core and controls all routing, addressing, and interfacing requirements of the network.

NAT: when an internal computer connects to an external computer
Internal computer (192.168.153.67:1024) → NAT box (internal IP address gets converted to the external, i.e. public, IP address) → External system (www.coolbond.com)

NAT: reply from the external system
External system (www.facebook.com) → NAT box (the NAT box identifies the internal system for which the IP packets are meant) → Internal system (192.168.151.55)
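
The two flows above can be traced with a small model of a NAT box. This is an added example, not part of the original slides; it assumes port-based translation (one public address, one public port per session), and the public address 203.0.113.10 and the external server 198.51.100.80 are constructed values from documentation ranges.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"       # constructed public address of the NAT box
SERVER = ("198.51.100.80", 80)   # constructed external system


@dataclass
class NatBox:
    public_ip: str
    next_port: int = 40000
    # (internal ip, internal port, remote ip, remote port) -> public port
    outbound: dict = field(default_factory=dict)
    # public port -> (internal ip, internal port, remote ip, remote port)
    inbound: dict = field(default_factory=dict)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet so it appears to come from the NAT box."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply for the internal system, or return None to drop it."""
        entry = self.inbound.get(dst_port)
        if dst_ip != self.public_ip or entry is None:
            return None
        int_ip, int_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # no session with this sender: unsolicited traffic
        return (src_ip, src_port, int_ip, int_port)


def demo():
    nat = NatBox(PUBLIC_IP)
    # Two internal systems (addresses from the slides) contact the same server.
    a = nat.translate_out("192.168.153.67", 1024, *SERVER)
    b = nat.translate_out("192.168.151.55", 1024, *SERVER)
    # The server answers to the public address and port it saw.
    reply_a = nat.translate_in(*SERVER, a[0], a[1])
    reply_b = nat.translate_in(*SERVER, b[0], b[1])
    # A host that was never contacted tries the same public port.
    stranger = nat.translate_in("198.51.100.99", 4444, PUBLIC_IP, a[1])
    return a, b, reply_a, reply_b, stranger


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both outgoing packets carry the same public source address, which is why the external system cannot tell the two internal systems apart; only the translation table inside the NAT box can.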

Three Steps of Hacking any Remote Computer
1. Planning and preparing the attack
2. Gathering information for the attack
3. Executing the attack

Preparing the Attack
Steps performed by a good hacker in this stage:
1. Decide which computer they want to hack.
2. Find the IP address of the remote computer.
3. Find the accurate geographical location of the computer.
4. Hide their own IP address and identity on the Internet.

Finding the Remote Computer
Let's say a hacker decides to break into the computer of one of his FB friends. Then his first step will be to find the IP address of his friend's computer. So let's discuss the possible ways of finding the IP address of any remote computer.

Finding a Remote Computer's IP Address
1. Sending the link of www.whatstheirip.com
2. Through instant messaging software
3. Through IRC chat
4. Through your website

MSN, Yahoo, G-Talk
3. If you are chatting on other messengers like Yahoo Messenger, MSN, Nimbus etc., then the following indirect connection exists between your system and your friend's system:
Your System → Chat Server → Friend's System
Friend's System → Chat Server → Your System
Thus in this case, you first have to establish a direct connection with your friend's computer by either sending him a file or by using the call feature. Then, go to MS-DOS or the command line and type:
C:\> netstat -n
This command will give you the IP address of your friend's computer.

Instant Messenger
1. Ask your friend to come online and chat with you.
2. Case I: If you are chatting on ICQ messenger, then the following connection exists between your system and your friend's system:
Your System → DIRECT CONNECTION → Friend's System
Friend's System → DIRECT CONNECTION → Your System
Now, go to MS-DOS or the command line and type:
C:\> netstat -n
This command will give you the IP address of your friend's computer.

Getting the IP from a Website
One can easily log the IP addresses of all visitors to a website by using simple Java applets or JavaScript code. By using PHP scripts it is possible to determine the user's OS and browser. The same can be used to determine the exact geographical location of the visitors.

Counter Measures
1. Do not accept file transfers or calls from unknown people.
2. Chat online ONLY after logging on through a proxy server.
3. Don't click on any suspicious link.

Finding the Exact Location
Once you get the IP address of the remote computer, try to perform an IP lookup. Popular sites for IP lookup:
1. www.ipmango.com
2. www.whois.com

Hiding your IP Address
Proxy Servers
Definition: A proxy server acts as a buffer between you and the Internet, and thereby protects your identity.
Working:
Case 1: Your System → Proxy Server → Friend's System
Case 2: Your System → Proxy → Chat Server → Friend's System
Good proxy servers: Wingate & WinProxy (for Windows platforms), Squid (for Unix platforms)

Proxy Bouncing
Definition: Proxy bouncing is the phenomenon wherein you connect to several proxy servers and then connect to the actual destination.
Working: Your System → Proxy 1 → Proxy 2 → Proxy 3 → Proxy 4 → Proxy 5 → Destination
Tools: MultIP proxy

Onion Routing
Using the Tor network: download it from http://torproject.org

DOS Commands
1. tracert
2. route
3. net use
4. net user
5. ping
6. nslookup
7. arp
8. net view
9. nbtstat
10. netstat
11. ipconfig

Ping
This command will allow you to know if the host you are pinging is alive, which means whether it is up at the time of executing the "ping" command.
Syntax: ping www.thehackbook.com
Keep in mind that if the host you are pinging is blocking ICMP packets, then the result will be host down.

nslookup
This command has many functionalities. One is resolving a DNS name into an IP address.
Syntax: nslookup www.thehackbook.com

Another really nice function of nslookup is finding the IP of specific mail servers. Run nslookup, then set type=mx, then enter yahoo.com to get the IP of yahoo.com. You can use whatever server you want, and if it is listed in DNS, then you get the IP. Simple, isn't it?

Tracert
This command will give you the hops that a packet will travel to reach its final destination. Note: this command is good for knowing the route a packet takes before it goes to the target box.
tracert x.x.x.x (x is the IP address)
or
tracert www.thehackbook.com

Arp (Address Resolution Protocol)
This command will show you the Address Resolution Protocol table. This is good for knowing if someone is doing ARP poisoning in your LAN.
arp -a

Netstat
This command will show you the connections to your box.
netstat
or
netstat -a (this will show you all the listening ports and connections with DNS names)
netstat -n (this will show you all the open connections with IP addresses)
netstat -an (this will combine both of the above)

Nbtstat
This command will show you the NetBIOS name of the target box.
nbtstat -A x.x.x.x (x is the IP address)
nbtstat -a computername
net view \\x.x.x.x or \\computername (will list the available shared folders on the target box)

Route
This command will show you the routing table, interface and metric, and gateway.
route print

Help
And last but not least, the "help" command.
whatevercommand /help
whatevercommand /?

Gathering Information about the Remote Computer
Recap of the first step, i.e. preparation of the attack:
1. Hiding the IP using proxy bouncing.
2. Tracing the IP address using Neotrace, online databases, and Visual Route.
Now change your MAC address before starting the information gathering step. Software: MacAddressChanger

Information Gathering
Typically, during the information gathering step the attacker aims to determine the following information about the target system:
1. Network topology
2. List of open ports
3. List of services
4. The operating system
5. User information

It is possible to gather all this information using various techniques like:
1. Network reconnaissance: ping sweeping and traceroute
2. Port scanning
3. Daemon banner grabbing and port enumeration
4. ICMP scanning
5. OS detection using OS fingerprinting and sniffing

Scanning Using nmap
C:\program files\nmap>nmap -sP thehackbook.com
nmap sends an ICMP echo request to thehackbook.com.
To carry out UDP probing:
C:\program files\nmap>nmap -PU thehackbook.com
C:\program files\nmap>nmap -PN thehackbook.com

OS Detection
C:\program files\nmap>nmap - www.google.com
C:\program files\nmap>nmap -A www.google.com
OS detection using websites: use a PHP script to detect the visitor's OS and browser.

Executing the Attack
DOS Attacks: Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.
ATTACKER → Infinite/Malicious Data → VICTIM
The target network gets choked or cannot handle the malicious data, and that is why it crashes. As a result, even legitimate clients/people cannot connect to the target network.

Types of DOS Attacks
1. Ping of Death
2. Teardrop attacks
3. SYN flood attacks
4. Land attacks
5. Smurf attacks
6. UDP flood attacks
7. DDOS attacks
8. Modem-disconnect attack

Tear Drop Attack
Data sent from the source to the target system is broken down into smaller chunks at the source system and then reassembled into larger chunks at the target system. For example, say data of 4000 bytes is to be sent across a network; then it is broken down into three fragments:
1. Fragment A contains bytes 1 to 1500.
2. Fragment B contains bytes 1501 to 3000.
3. Fragment C contains bytes 3001 to 4000.

However, in case of a Teardrop attack, these ranges of data fragments are overlapping. E.g. in case of a Teardrop attack, the same 4000 bytes would be broken down into the below three fragments:
1. Fragment A contains bytes 1 to 1500.
2. Fragment B contains bytes 1499 to 3000.
3. Fragment C contains bytes 2999 to 4000.
In this example the range of fragment A is 1 to 1500, the range of fragment B is 1499 to 3000, while the range of fragment C is 2999 to 4000. Thus, the ranges are overlapping. Since the ranges are overlapping, the target system gets DOS'ed!
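
The check a receiver needs before reassembly, shown on the two fragment sets above, is added here as an example and is not part of the original slides. It uses the slides' 1-based inclusive byte ranges rather than real IP fragment-offset units, and the function names are hypothetical.

```python
# Fragment ranges exactly as given in the two slides above.
NORMAL = [(1, 1500), (1501, 3000), (3001, 4000)]
TEARDROP = [(1, 1500), (1499, 3000), (2999, 4000)]


def check_fragments(fragments, total):
    """Return a list of problems found in a datagram's fragment ranges.

    fragments: iterable of (first_byte, last_byte), 1-based and inclusive.
    total:     expected size of the reassembled data in bytes.
    Each problem is a tuple (kind, first_byte, last_byte) where kind is
    "invalid", "overlap" or "gap".
    """
    problems = []
    expected = 1  # next byte we have not seen yet
    for first, last in sorted(fragments):
        if first < 1 or last < first or last > total:
            problems.append(("invalid", first, last))
            continue
        if first < expected:
            # Bytes first..expected-1 were already delivered by an earlier fragment.
            problems.append(("overlap", first, min(last, expected - 1)))
        elif first > expected:
            problems.append(("gap", expected, first - 1))
        expected = max(expected, last + 1)
    if expected <= total:
        problems.append(("gap", expected, total))
    return problems


def accept_datagram(fragments, total):
    """Reassemble only when the ranges tile the datagram exactly once."""
    return not check_fragments(fragments, total)


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP)):
        print(name, accept_datagram(frags, 4000), check_fragments(frags, 4000))
```

Dropping the whole datagram when any overlap is reported, instead of trying to merge the ranges, keeps the reassembly code from ever computing a negative or oversized copy length.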

Trojan Attacks
Trojans act as RATs, or Remote Administration Tools, that allow remote control and remote access to the attacker.
Tools: Netbus, Girlfriend, Back Orifice and many others.

Sniffers Attack
Definition: Sniffers are tools that can capture all data packets being sent across the entire network in raw form.
Working: ATTACKER → Uses sniffer for spying → VICTIM
Threats: Password stealing, IP violation, spying, etc.
Tools: Tcpdump, Ethereal, Dsniff, Wireshark and many more.

Buffer Overflow
Buffer overflows typically occur due to poor programming and mismanagement of an application's memory by the developer. For example, suppose 5 KB of buffer space has been allocated to an application, and the application then tries to store 7 KB of data in the buffer memory. The extra 2 KB of data will have nowhere to go and as a result will overflow. This additional 2 KB of data, which overflowed, will overwrite a legitimate piece of data at another memory location. As a result the system crashes, or this leads to unwanted execution of some other program.

Types of Buffer Overflows
1. Stack overflows
2. Format string overflows
3. Heap overflows
4. Integer overflows

Stack Overflow Steps
1. Identify and take control of a vulnerable application running on the target computer.
2. Identify the malicious code that you would like to execute on the target computer.
3. Exploit the privileges and access of the victim application to execute the malicious code.

Stack Overflow, Step 1: Identifying a vulnerable application
Study the source code of the application and test it with different types and sizes of artificial input (identify the test cases for which the application fails).

Buffer Overflow, Step 2: Planting the malicious code
The attacker sends a malicious command as input, or in the form of an argument, to the vulnerable application. The malicious input is stored in the changeable buffer memory of the application and then remains ready to be executed as and when required.

Executing the Malicious Code
Whenever an application calls a function, a separate activation record for that particular function is created on the stack. Each activation record contains a return address to which program control is transferred once the function exits. If one can change this return address to point to the address where the malicious code is stored, then the application will jump to the malicious code when the function is over. This will lead to the execution of the malicious code.

Social Networking Websites Hacking
There is no way to hack someone's Gmail account, Orkut account, Yahoo account or Facebook account by breaking into servers. Generally there are two ways of hacking these accounts:
1. By finding the password of the account
2. By resetting the password
There is no other way of hacking someone's profile on social networking websites.

Finding Passwords
1. Social engineering
2. Password guessing
3. Phishing attacks
4. Key loggers
5. Sniffing attacks
6. Man-in-the-middle attack
7. Tab nabbing: the latest kind of phishing attack

Phishing Attack
Fake login page demo:
www.facebook.thehackbook.com
www.gmail.thehackbook.com

Tab Nabbing
Aza Raskin, a design expert, discovered and extensively wrote about a deadly new phishing technique that he named tab nabbing. All present-day browsers are vulnerable to this kind of attack. It is also a kind of phishing attack that impersonates other websites and fools users into revealing their personal data like usernames, passwords, credit card details, etc. It makes use of multiple tabs in browsers to fool the victims.

Steps of Tab Nabbing
The victim opens multiple tabs to his favorite websites and is browsing normally. Using flash widgets, scripts, browser extensions or cross-site scripting attacks, it is possible for an attacker to modify the contents of some other open tab in your browser, perhaps to point to the victim's bank, email or corporate login account.

Resetting the Password
It is possible for an attacker to find out the answer to the secret questions available on a Gmail or Yahoo account for password resetting. The attacker can find it by means of social engineering.

Windows Hacking
Hosts file: directing the redirection
Location: C:\windows\system32\drivers\etc
The hosts file can be tweaked to carry out a number of interesting hacks:
1. Blocking certain websites
2. Redirecting the user to some other website

Recovering Deleted Data
When you delete a file, it first goes into the recycle bin. After you empty the recycle bin, the file still remains on the hard disk. Microsoft Windows will only delete the link between the operating system and the deleted file. This means that the file will not be accessible through Windows and MS-DOS. The file will still remain on the hard disk and will be available until Windows overwrites it with a new file.

Email Forging
Definition: Email forging is the art of sending an email from the victim's email account without knowing the password.
Working: ATTACKER → Sends forged email → FROM VICTIM

SMS Forging
SMS spoofing became possible after many mobile/cellular operators had integrated their network communications with the Internet. So anybody could send an SMS from the Internet using forms at the websites of mobile operators, or even through e-mail.

The working of SMS is explained as under. First of all, the sender sends the SMS via an SMS gateway. The identity of the sender is attached to the packet of the SMS. Once the SMS reaches the SMS gateway, it is routed to the destination gateway and then to the receiver's handset. There are lots of ways by which we can send an SMS to the SMS gateway. One of them is to use the Internet.

Now the concept of SMS forging lies in changing the SCCP packet, which contains the sender information, prior to delivering it to the SMS gateway. The intruder can change the SCCP packet and can send that packet to any receiver as a spoofed SMS. Some websites on the net also provide this facility. Providing such a service is not legal, and a user using it may face serious consequences with the law.
Website: http://www.spranked.com

Software to Restore Deleted Files
Restoration: an excellent recovery software. Download link: www.aumha.org/a/recover.php

Permanently Erasing Data
Software: Eraser. Download: http://eraser.heidi.ie

Windows Toolkit
You can remove the cracks of your Windows using it. Play with your logon screen.

The End
About The Hackbook: The Hackbook is a social utility to promote awareness about Information Security and Ethical Hacking by integrating the concepts of social network and education network.
I happen to be commenting to let you be aware of what a superb experience my cousin’s girl enjoyed studying your webblog. She came to find too many details, which included what it’s like to possess a wonderful teaching style to have many others very easily gain knowledge of various tortuous topics. You undoubtedly exceeded our desires. I appreciate you for giving those precious, healthy, educational and unique tips on that topic to Janet.